John,

You might also need/want to add "-s0" to let it capture the entire
packet including payload. This will let Wireshark do a better job at
decoding the protocol.
(By default tcpdump will only grab the first 68 bytes.)

Jim

----- Original Message -----
From: Guy Harris <[EMAIL PROTECTED]>
Date: Tuesday, October 24, 2006 1:26 pm
Subject: Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
To: Community support list for Wireshark <wireshark-users@wireshark.org>

> John Oliver wrote:
> > I redirected the output of tcpdump to an ASCII text file, but Wireshark
> > doesn't like that.  How can I capture traffic with tcpdump in a format
> > that Wireshark will understand?
> 
> By using the "-w" flag.  (That's also how you capture traffic with
> tcpdump in a format that tcpdump will understand, and that some other
> free and commercial tools will understand.  It's libpcap format, the
> same format that Wireshark/TShark uses.)
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> 